1 Answer
1

One way or another, WCF must be able to bind elements in your service's data contract to your client's proxy classes. There is usually little value is obfuscating the proxy classes and their members, but if you do want to obfuscate them you can explicitly set the name of the types and their members using the Name parameter of the [DataContract] or [DataMember] attributes (eg. [DataMember Name="ID"]). Once you've done this, you can disable the "Types and fields marked as serializable" built-in rule from the Rename -> Built-In Rules tab and ensure that "Compatibility with XML serializer" is checked in the Rename -> Options tab. The caveat to this approach is that the names of the serialized properties are still included in your code (in the attributes), and are still sent over the wire.

If you require more protection and you have control of both the service and the client, a better but more cumbersome option might be to put your service contract in its own assembly and process that with Dotfuscator. Again, disable the "Types and fields marked as serializable" built-in rule from the Rename -> Built-In Rules tab and ensure that "Compatibility with XML serializer" is checked in the Rename -> Options tab. Now reference the resulting service contract DLL from both your service and your client application. The tradeoff with this approach is that the contract members will all have obfuscated names (eg. "a") and you will have to reference them as such in your service and client application code. You can examine the map file Dotfuscator produces in order to make sense of the renamed names.

I have control over both service and client. obfuscating service and referring in my code will have maintenance problem in future as you pointed out. Is there an option in Dotfuscator where I can obfuscate both simultaneously? In that way I build my service and client for release and then obfuscate together.
– HakimMar 17 '12 at 7:04

If that's the case, you could add your service binaries, your data contract DLL, and your client binaries to the same Dotfuscator project. Make sure to use the same settings I mentioned previously, and don't set a Name property in the datacontract/datamember attributes so that Dotfuscator will rename the contract's members. Then just make sure to include the obfuscated contract DLL with both the server & client binaries.
– bsiegelMar 17 '12 at 22:36

it is not obfuscating classes because it say "MyClass is decorated with System.Runtime.Serialization.DataContractAttribute."
– HakimMar 19 '12 at 6:48

Ah, sorry - this is due to Dotfuscator's Smart Obfuscation technology automatically excluding these types from renaming, which I had forgotten about. I've written a brief post describing how to disable this feature here: preemptive.com/forum/topic?f=17&t=3442
– bsiegelMar 19 '12 at 17:13

Thanks I will try this on other machine as my Trial is expired... I hope this will solve my problem...Thanks a lot...Will mark it as answer
– HakimApr 1 '12 at 13:46